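IdP Go-Live Configuration

IdP-Side Configuration

        After you receive the email confirming that go-live succeeded, replace the pre-online environment metadata previously stored in the IdP with the production (online) environment metadata to complete the IdP go-live process.

Method 1: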

[root@www ~]# curl -o /opt/shibboleth-idp/bin/putIdPOnline-tomcat.sh https://ds.carsi.edu.cn/install/3.8.1/commonfileforall/putIdPOnline-tomcat.sh
[root@www ~]# chmod +x /opt/shibboleth-idp/bin/putIdPOnline-tomcat.sh
[root@www ~]# sh /opt/shibboleth-idp/bin/putIdPOnline-tomcat.sh
This script is used to put IdP into online environment from pre-online system.
Steps for putting Idp online(Excute the script with root or tomcat privilege.):


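To put IdP online from pre-online, press Y,or press N for exit:Y  (Enter an uppercase Y to start the operation; otherwise enter an uppercase N to exit the script.)

After the script finishes, open ds.carsi.edu.cn, select your institution's name, and verify that the IdP works correctly.

Method 2: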

[root@www ~]# vi /opt/shibboleth-idp/conf/metadata-providers.xml
# Modify the backingFile and metadataURL settings in the provider definition as shown below:
<MetadataProvider id="HTTPMetadata"
    xsi:type="FileBackedHTTPMetadataProvider"
    backingFile="/opt/shibboleth-idp/metadata/carsifed-metadata.xml"
    minRefreshDelay="PT5M"
    maxRefreshDelay="PT10M"
    metadataURL="https://www.carsi.edu.cn/carsimetadata/carsifed-metadata.xml"> 
    <MetadataFilter xsi:type="SignatureValidation" certificateFile="/opt/shibboleth-idp/credentials/dsmeta.pem" />
    <MetadataFilter xsi:type="EntityRoleWhiteList">
        <RetainedRole>md:SPSSODescriptor</RetainedRole>
    </MetadataFilter>
</MetadataProvider>
[root@www ~]# systemctl restart tomcat9

After completing the steps above, open ds.carsi.edu.cn, select your institution's name, and verify that the IdP works correctly.
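
A check for the Method 2 edit, as an added example that is not part of the original page or CARSI's own tooling: it parses the provider definition and reports whether HTTPMetadata points at the production metadataURL and backingFile shown above and still carries the SignatureValidation and SP-only role filters. The function names and the namespace declarations in the sample are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Expected values, taken from the Method 2 configuration on this page.
EXPECTED_URL = "https://www.carsi.edu.cn/carsimetadata/carsifed-metadata.xml"
EXPECTED_BACKING = "/opt/shibboleth-idp/metadata/carsifed-metadata.xml"

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop "{namespace}" so prefixes do not matter

def xsi_type(elem):
    return elem.get(XSI_TYPE, "").split(":")[-1]  # xsi:type without any prefix

def check_provider(xml_text, provider_id="HTTPMetadata"):
    """Return a list of problems in the named MetadataProvider (empty = OK)."""
    root = ET.fromstring(xml_text)
    found = [e for e in root.iter()
             if local(e.tag) == "MetadataProvider" and e.get("id") == provider_id]
    if not found:
        return [f"no MetadataProvider with id={provider_id!r}"]
    p, problems = found[0], []
    if p.get("metadataURL") != EXPECTED_URL:
        problems.append(f"metadataURL is {p.get('metadataURL')!r}")
    if p.get("backingFile") != EXPECTED_BACKING:
        problems.append(f"backingFile is {p.get('backingFile')!r}")
    filters = [c for c in p if local(c.tag) == "MetadataFilter"]
    sig = [f for f in filters if xsi_type(f) == "SignatureValidation"]
    if not sig or not sig[0].get("certificateFile"):
        problems.append("no SignatureValidation filter with a certificateFile")
    roles = [r.text.strip() for f in filters if xsi_type(f) == "EntityRoleWhiteList"
             for r in f if local(r.tag) == "RetainedRole" and r.text]
    if roles != ["md:SPSSODescriptor"]:
        problems.append(f"RetainedRole list is {roles}")
    return problems

# Constructed sample: the page's provider, with xmlns declarations added (assumed).
SAMPLE = f"""<MetadataProvider id="HTTPMetadata" xsi:type="FileBackedHTTPMetadataProvider"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    backingFile="{EXPECTED_BACKING}" metadataURL="{EXPECTED_URL}">
  <MetadataFilter xsi:type="SignatureValidation"
      certificateFile="/opt/shibboleth-idp/credentials/dsmeta.pem" />
  <MetadataFilter xsi:type="EntityRoleWhiteList">
    <RetainedRole>md:SPSSODescriptor</RetainedRole>
  </MetadataFilter>
</MetadataProvider>"""

if __name__ == "__main__":
    print(check_provider(SAMPLE) or "HTTPMetadata provider matches the page")
```

To check a live IdP, pass the contents of /opt/shibboleth-idp/conf/metadata-providers.xml to check_provider() in place of SAMPLE.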

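WeCom (Enterprise WeChat) Configuration Change

        If you added the CARSI application in WeCom, change the application home page to:

        https://ds.carsi.edu.cn/Shibboleth.sso/Login?SAMLDS=1&target=https%3A%2F%2Fds.carsi.edu.cn%2Fwxds&entityID=https%3A%2F%2F{SERVERNAME}%2Fidp%2Fshibboleth (replace {SERVERNAME} with the IdP domain name, e.g. idp.xxx.edu.cn)

Tencent Weixiao Configuration Change

        If you added the CARSI application in Tencent Weixiao, change the service URL to:

        https://ds.carsi.edu.cn/Shibboleth.sso/Login?SAMLDS=1&target=https%3A%2F%2Fds.carsi.edu.cn%2Fwxds&entityID=https%3A%2F%2F{SERVERNAME}%2Fidp%2Fshibboleth (replace {SERVERNAME} with the IdP domain name, e.g. idp.xxx.edu.cn)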


Copyright © Peking University Computer Center